What to Do When Your Online Accounts Get Hacked

If you've been using the Internet long enough, you may have experienced something like this: you check your feed and discovered that your Twitter or Facebook account is spamming your friends with messages that you never posted; or a friend told you that you've been sending them weird messages through email or a chat app but it didn't sound like you. Or maybe you somehow lost access to one of your accounts altogether and can't log into it anymore, even if you're sure that you're using the right account. If something like this has happened to you, it's likely that you've just been hacked.

Some people would likely just cut their losses, determine that it's not worth dealing with, and just create a new account. But for some, a hacked email or social media account could be crippling, especially if you're a freelancer who uses your online account for tracking jobs or communicating with clients. Moreover, a hacked email account could lead to more serious issues – more so if that's the account you use to validate your other online accounts. Can you imagine if someone could somehow gain access to your online life just by sifting through your email?

But first things first, how could it have happened? There are a number of tools a hacker could use to get to your account details. You could have landed on a phishing page, where you were tricked into entering your credentials on a fake Facebook log-in window (this happens a lot), or your system may have been infected with a keylogger. Brute force methods could have been used, involving a tool that simply tries different passwords until it works, or you could have simply been lazy and used a common or easily-guessed password.

Whatever the reason, here's how to deal with a hacked account:

Don’t just change your password—make it stronger! This should be very obvious. Hackers will usually leave the existing password intact to make it look like there's nothing wrong. If the victim doesn't know that they've been infiltrated, it's more likely for them to make more information free for the taking. The best way to counter this—and to make sure that you don't get hacked again—is to use a stronger password that's harder to guess. A more random string of letters, numbers, and punctuation marks will make it more difficult to guess. It's also recommended to use different passwords for all accounts and change them regularly.

Go over your account settings. Sift through your account settings and check if something has changed. If a hacker didn't change your password, he might be forwarding your information to a different account. Get rid of all possible leaks. Changing your password won't be effective if your account is set up to send the hacker the new one. Do this for all your accounts.

Scan your system. Use security software to scan your system for malware that may have been feeding your keystrokes or information to the hacker, or for malware that may have infiltrated your system through a hacked account.

Get your guard up. This last one is the most important tip. Maintaining a more defensive mindset whenever you go online can go a long way in making sure that you don't get hacked again (or ever). Finally: don't fall for common phishing methods, don't click on suspicious or unverified links, and try to limit what you share on public spaces such as social media.

Sean is a professional tech journalist and editor with more than a decade of experience covering consumer tech and information security for both print and online publications. He currently works for an IT security company by day and freelances at night.